Server computing devices, to protect against individual device failures, often operate in a clustered environment, where multiple server computing devices maintain equivalent access to multiple volumes of data. Should one of the server computing devices fail, another server computing device can assume the former's duties, and server operations can resume with a minimum of downtime. Data in such a server cluster is likewise often stored in a redundant manner, such that, should one volume of data experience a failure, the data would remain accessible through one or more other volumes. In such a manner, a clustered environment, with multiple computing devices each maintaining equivalent access to multiple volumes of data, can provide a greater measure of fault tolerance.
Traditionally, the data contained within a volume of data, which is typically stored on a data storage hardware device, such as a hard drive, is protected from unauthorized access by the computer-executable instructions of the computing device to which the data storage device is communicationally coupled. If the data storage device were, however, to be communicationally decoupled from a host computing device having such protective computer-executable instructions, the data could be accessed and its security compromised. To prevent such unauthorized access of data, the notion of “full volume encryption” was developed, whereby all of the relevant data stored on a data storage device was stored in an encrypted manner. Consequently, even if such a data storage device were to be independently accessed, through a computing device having no executable instructions for the protection of the data, the data could, nevertheless, remain protected, since it would be physically stored in an encrypted manner.
To limit access to data protected through full volume encryption, the key used to decrypt the data can be protected, such as by a password, key card, or similar security device. Unfortunately, should a user lose access to such a security device, a new key would need to be generated, and the data would have to be encrypted in such a manner that the new key could decrypt it. Consequently, the creation of such a new key would entail the computationally expensive, and lengthy, process of decrypting the entire volume and, subsequently, re-encrypting it so that the new key could decrypt it. To avoid such inefficiencies, a layer of indirection was added whereby the key that can decrypt the data is, itself, encrypted by another key. This second key is then protected by the security device. Should a user lose access to the security device, only the second key would need to be changed, requiring only the decryption, and subsequent re-encryption, of the first key, and not of all of the data itself.